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METHOD AND SYSTEM FOR TRIGGERING ENHANCED SECURITY 
VERIFICATION IN RESPONSE TO ATYPICAL SELECTIONS AT A 
SERVICE -ORIENTED USER INTERFACE TERMINAL 



BACKGROUND OF THE INVENTION 

1. Technical Field: 

This invention relates in general to a method and 
system for interfacing with customers at service-oriented 
terminals, and in particular to a method and system for 
p service-oriented, user interface terminals where users 

make purchases electronically. Even more particularly, 
J.p- the invention relates to a system and method for 

|!n automatically authorizing a remote point of purchase 

s ! iS : action at a facility which permits such actions. The 

m system prompts a user with additional security-related 

= ! 10 questions when the user selects responses that deviate 

I'll from the user's typical selections. 

!; 2. Description of Related Art: 

15 Service-oriented, user interface terminals for 

making purchases electronically, such as with a 
commercial credit card or debit card, are now common. 
These types of terminals are typically utilized wherever 
a basic or routine transaction can be processed more 

2 0 efficiently on site without the need for human 

intervention or judgment. Examples include fuel pumps of 
automotive refueling stations, automated vending machines 
for purchasing tickets for transportation (e.g., airline 
tickets) , personalized greeting card vending machines, 

25 and the like. Users of such terminals tend to become 

repeat customers and, in many instances, select the same 
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set of options every time they make a transaction. For 
example, whenever an individual uses his or her credit 
card to purchase automotive fuel directly at the fuel 
pump, he or she may always choose the premium grade of 
fuel, never want a receipt, and always select the lowest 
priced car wash. 

To use these terminals, users are merely required to 
swipe their electronic card through a reading device 
(thereby entering their account information into the 
system) and wait for approval before selecting their 
options. The ease and convenience of such transactions 
tend to make such terminals easy targets for unauthorized 
users. Although some terminals and/or electronic cards 
also require users to enter a password or personal 
identification number (PIN) , this information also can be 
easily compromised. Thus, an improved algorithm with 
enhanced but not unduly difficult security features for 
interfacing users of service-oriented terminals is 
needed. 
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SUMMARY OF THE INVENTION 



A method and system for prompting a repeat user of a 
payment card at an interface terminal with additional 
security-related questions when the user selects 
responses that deviate from his or her typical 
selections. The payment card is read at the terminal, 
its line of credit is authorized, and a profile of the 
user's purchasing habits is retrieved. The user then 
enters his or her current selection of options. A 
determination is then made as to whether the user's 
current selections match his or her user profile. If the 
user's current selections match the user profile, the 
process allows the user to obtain the services or 
facilities. If the user's current selections do not 
match the user profile, the process queries the user with 
additional security questions to ascertain whether the 
current user is an authorized user. If the user is 
unable to answer the security questions correctly, the 
process prevents the user from accessing the services or 
facilities. If the user is able to answer the security 
questions correctly, the process allows the current user 
to begin fueling his or her vehicle, for example. 

Accordingly, it is an object of the invention is to 
provide a method and system for interfacing with 
customers at service-oriented terminals. 

It is an additional object of the invention is to 
provide a method and system for service-oriented, user 
interface terminals where users make purchases 
electronically . 



Yet another object of the invention is to provide a 
system and method for automatically authorizing a remote 
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point of purchase action at a facility which permits such 
actions . 

Additional objects and advantages of the invention 
will become apparent in light of the description which 
follows . 
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BRIEF DESCRIPTION OP THE DRAWINGS 
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So that the manner in which the features, advantages 
and objects of the invention, as well as others which 
will become apparent, are attained and can be understood 
in more detail, more particular description of the 
invention briefly summarized above may be had by 
reference to the embodiment thereof which is illustrated 
in the appended drawings, which drawings form a part of 
this specification. It is to be noted, however, that the 
drawings illustrate only a preferred embodiment of the 
invention and is therefore not to be considered limiting 
of its scope as the invention may admit to other equally 
effective embodiments . 

Figure 1 depicts a schematic diagram of an 
illustrative embodiment of an automated refueling station 
interface terminal constructed in accordance with the 
method and system of the present invention. 

Figure 2 is a layer diagram of the programs in the 
data processing system of Figure 1 that cooperate to 
automatically connect to a remote data processing system 
according to the method and system of the present 
invention . 

Figure 3 is a schematic diagram of an optional user 
interface terminal for the data processing system of 
Figure 1 . 

Figure 4 is a high level, logical flowchart of an 
illustrative embodiment of the method and system of the 
present invention utilized by the automated refueling 
station of Figure 1 for qualifying users of credit or 
debit cards . 
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DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

The present invention may be executed in a variety 
of systems including computer systems having various 
operating systems. The computer system may be a personal 
computer, a network computer, a midrange computer or a 
mainframe computer. In addition, the computer may be a 
stand-alone system or part of a network such as a local - 
area network (LAN) or a wide-area network (WAN) . For the 
purposes of illustration, one embodiment of the present 
invention, as described below, is implemented utilizing a 
personal computer . 

Referring now to Figure 1, there is depicted a block 
diagram of a server 112. Server 112 includes a system 
bus 210 that is connected to a central processing unit 
(CPU) 212 and to memory, including read only memory (ROM) 
214 and random access memory (RAM) 216. System bus 210 
is coupled to a PCI local bus 218 through a PCI host 
bridge 220. PCI local bus 218 is connected to additional 
nonvolatile data storage devices, such as one or more 
disk drives 222, and to an audio adapter 23 0 and a 
graphics adapter 232 for controlling audio output through 
a speaker 234 and visual output through a display device 
236, respectively. A PCI-to-ISA bus bridge, such as 
expansion bus bridge 238, connects PCI local bus 218 to 
an ISA bus 240, which is attached (through appropriate 
adapters) to a keypad 242 for receiving operator input. 
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Also included within server 112 are data ports for 
communicating with external equipment, such as other data 
processing systems. The data ports include, without 
5 limitation, a serial port 250 attached to ISA bus 240 for 

linking server 112 to remote data processing systems 
(such as a bridge) via a modem (not illustrated) and a 
communications adapter 252 attached to PCI bus 218 for 
linking server 112 to other stations of a LAN (such as 
10 clients) . 

Server 112 also contains software applications that 
PI are stored on the data storage devices and loaded into 

Q RAM 216 for execution by CPU 212. Among those 

"15 applications is a communications program, such as 

EH communications manager 260, that manages the exchange of 

information between the LAN and remote data processing 

i, Li 

1=5 systems. Included in communications manager 260 is a 

* connection initiator 261 for establishing dial-up 

::;20 connections to remote data processing systems. 

H Communications manager 26 0 also includes Internet sharing 

'jf software 262 that enables multiple LAN stations to access 

q the Internet via a single connection. In the 

illustrative embodiment, server 112 also includes a 
25 connection schedule file 264, which preferably is stored 

in disk drive 222, and Internet sharing software 262 
includes a request predictor 265 that utilizes connection 
schedule file 264 to trigger connection initiator 261 in 
advance of anticipated communication requests. 

30 

Connection schedule file 264 is maintained by a 
schedule editor and/or an automatic schedule modifier, 
each of which is preferably also included in Internet 
sharing software 262. Server 112 also includes a Web 
35 browser 270 and an E-mail client 280 that allow an 
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operator of server 112 or client to retrieve and view 
information from the Internet and send and receive E-mail 
via the Internet, respectively. 

5 With reference now to Figure 2, there is depicted a 

layer diagram of the software applications within server 
112 that cooperate to provide the functionality of the 
present invention according to the illustrative 
embodiment . At the highest level of the layer diagram 
10 are the software application programs 310, including 

communications manager 260, web browser 270, and E-mail 
client 280. At the intermediate level is an application 
3 program interface (API) 320, through which application 

3 programs 310 request services from the operating system 

3.5 330. Operating system 330, which occupies the lowest 

H level of the layer diagram, is a network operating 

* system. As such, in addition to managing the operations 

of server 112 (by performing duties such as resource 
;i allocation, task management, and error detection) , 

n?0 operating system 330 also provides tools for managing 

H communications within the LAN and between LAN stations 

; « and remote data processing systems. Included within 

operating system 330 is a kernel 332 that manages the 
memory, files, and peripheral devices of server 112. The 
25 lowest level also includes device drivers, such as a 

keypad driver 340 that kernel 332 utilizes to manage 
input from and output to peripheral devices. 

For purposes of illustration of the invention, an 
3 0 automotive refueling station having a fuel pump equipped 

with a user interface terminal 81 (Figure 3) is 
described. Terminal 81 includes a display screen 83 and 
option buttons 85 that can be selected by the user when 
prompted by the system. 
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Ref erring now to Figure 4, there is illustrated one 
embodiment of a high level, logic flow diagram of a 
method for prompting repeat users of payment and/or 
identification cards, at interface terminals with 
5 additional security-related questions when the users 

select responses that deviate from their typical 
selections. Note that the present invention is capable 
of tracking the selections of an authorized user across 
multiple interface terminals while he or she is using 
10 cards with different account numbers. Alternatively, the 

invention is also adapted to track the selections of an 
authorized user at individual interface terminals with a 
i'-s single card, or any combination of these scenarios. 

7^-5 In one embodiment, a fuel pump is equipped with the 

i;n terminal 81 of Figure 3, and the algorithm begins as 

I": illustrated at block 401 (Figure 4) . A credit or debit 

iq card for purchasing fuel at a fuel pump is scanned or 

read, as shown in block 403. The credit or debit card 
j=;20 may be any electronically, magnetically, optically, or 

H j otherwise scanned device. As depicted in block 405, a 

. t determination is then made as to whether or not a line of 

q credit or debit is authorized by the card issuer. If the 

card is not authorized, the process proceeds to block 
25 407. Block 407 illustrates displaying within display 

screen 83 "See attendant," "Authorization denied," or 

similar message for conveying to the user that an 

alternate means of payment is required. 

30 If the card is authorized, the process proceeds to 

block 409. Block 409 depicts the retrieval of a user 
profile (UP) for the authorized user of the card. The 
user profile represents the routine or typical selections 
that this particular user chooses when given the same 

35 choice of options at each visit. For example, when the 
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user utilizes his or her card at the fuel pump of a 
refueling station, the user is always prompted by the 
following inquiries: (a) "Would you like a receipt for 
this purchase?"; (b) "Select fuel grade."; (c) "Would you 
like a car wash?", and, if so, (d) "Select type of car 
wash." Since some users tend to select the same set of 
options at every visit, a user profile of the typical 
selections for each user can be generated. For example, 
in the last n visits (e.g., five visits), the user has 
never requested a receipt, always selected premium 
unleaded fuel, and always purchased an economy car wash. 
This hypothetical user's purchase habits readily generate 
a user profile that can be used as a low-level security 
check or threshold for determining whether an 
unauthorized user is using the card. 

After the user's profile is obtained, as depicted in 
block 409, the process proceeds to block 411 wherein the 
user enters his or her current selection of options. A 
determination is then made whether the user's current 
selections match his or her user profile, as illustrated 
in block 413. Alternatively, a limited number of 
selections (e.g., one or two) that are inconsistent with 
the authorized users typical answers may be allowed. If 
the user's current selections match or are similar to the 
user profile, the process proceeds to block 415. Block 
415 illustrates displaying a "Begin fueling" message to 
the user. If the user's current selections do not match 
the user profile or, alternatively, are not within a 
desired range of consistency with the user profile, the 
process proceeds to block 417. Block 417 depicts a 
determination of whether the current user can answer 
selected questions with information that an authorized 
user would possess. The questions posed to the current 
user can number one or more, and may be varied in 
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difficulty. Possible prompts include: "enter your zip 
code," "enter your phone number," or, "enter your 
password or PIN," to name a few. In addition questions 
of a more personal, differentiating nature may also be 
5 queried. Thus, block 417 represents a security check for 

screening users who, at the very least, are selecting 
atypical options for the card, or worse, users who are 
unauthorized to use the card. 

10 If the current user is unable to answer the security 

question (s) of block 417 correctly, the process again 
proceeds to block 407, which illustrates displaying a 
r » "See attendant," "Authorization denied," or similar 

Q message for conveying to the current user that alternate 

;!i5 means of payment are required. If the current user is 

;;n able to answer the security question (s) of block 417 

! *; correctly, the process proceeds to block 415 which 

Y| depicts permitting the current user to begin fueling his 

or her vehicle. Block 419 illustrates a determination of 
•"20 whether a "fueling complete" signal has been received by 

the process. When the user has completed the fueling of 
]j his or her vehicle the fueling complete signal is 

3 received by the process, and the process exits as 

illustrated at block 421. 

25 

The present invention has several advantages. The 
process allows current users of credit or debit cards to 
be screened for security purposes based upon their 
selection of options. If the option selected by the 
3 0 current user are inconsistent or atypical for the 

authorized user of the card, the process prompts the 
current user with additional security-related questions 
in an attempt to prevent unauthorized use of the card. 
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It is also important to note that, although the 
present invention has been described in the context of a 
fully functional computer system, those skilled in the 
art will appreciate that the mechanisms of the present 

5 invention are capable of being distributed as a program 

product in a variety of forms, and that the present 
invention applies equally regardless of the particular 
type of signal -bearing media utilized to actually carry 
out the distribution. Examples of signal-bearing media 

0 include, but are not limited to, recordable -type media 

such as floppy disks or CD-ROMs and transmission-type 
media such as analogue or digital communications links. 



